The time a hacker remotely bricked cars in Texas
When all things are hackable, all things will be hacked
Even in the age of the Internet, buying a car can be an expensive, frustrating, and laborious process. It’s even worse if you are unemployed or have limited resources. Fortunately, Texas Auto Center in Austin caters to just these customers, promising a car for everyone, “no matter if you have good credit, bad credit, a bankruptcy, repossession, or no credit at all.” Of course when times are rough, people do get behind in their loan payments, and repossession rates at some dealerships run as high as 45 percent. Repossessing cars is never fun, either for those who are about to lose their primary means of transportation or for the dealers who have to send out a fleet of tow trucks in search of the car. These vehicles are often purposefully hidden by those who know they are facing repossession. When the repo man and his tow truck eventually come calling, tempers flare, and many repo men have been punched, kicked, spit upon, bitten, stabbed, and even shot to death trying to recover the dealer’s property. Surely there had to be a better approach, and Texas Auto Center thought it had found just the solution.
The dealership purchased a new technological tool from the Cleveland-based Pay Technologies that promised a far superior alternative to the confrontational repossessions of yesteryear. Pay Technologies’ product was known as the WebTeckPlus, a system that allowed car dealers to install “a small black box, about the size of a deck of cards, cleverly concealed underneath a vehicle’s dashboard.” The devices were controlled remotely via a central Web site that relayed signals over a wireless network to the cars’ black boxes. When activated, the signal allowed the dealership to “disable a car’s ignition system or trigger the horn to begin honking,” a nice, if not too subtle, way to remind owners their payment was overdue. Texas Auto Center began slowly installing the boxes in its entire fleet, and before long more than eleven hundred cars had the system in place. In charge of administering the new high-tech repo management system was Omar Ramos-Lopez, a young credit collector at the dealership with an affinity for technology.
All seemed to work well with the new system until February 2010, when suddenly a few of Texas Auto Center’s customers’ cars just stopped running and would not restart. They had no idea why. A check of company records indicated that the clients were all current with their payments. Throughout the day, the number of complaints began to increase, and by the fifth day more than a hundred owners had flooded the dealership with their irate grievances. What was going on?
Customers throughout Texas suddenly had their cars bricked, completely un-drivable and unable to start. Randomly, in the middle of the night horns began honking out of control around the city of Austin, and police were called with numerous noise complaints. When the cops arrived, they discovered the horns could not be shut off until physically disconnected from their car battery cables. Worse, these hundred customers found themselves without transportation, forced to miss work and desperately needed paychecks.
Though the incident was initially dismissed as a “systemic mechanical failure,” something much more nefarious was at play. An intruder illegally accessed Texas Auto Center’s Web-based remote vehicle immobilization system and one by one began turning off their customers’ cars throughout the city. Attempts by the dealership to turn the cars back on were stymied because the hacker had also altered the records in its database, changing vehicle identification numbers and replacing the names of legitimate customers with those of celebrities, such as the long-dead rapper Tupac Shakur and the pop star Jennifer Lopez.
Clearly something was amiss, and eventually suspicions fell upon twenty-year-old Omar Ramos-Lopez, who had been fired from the dealership in the days prior to the widespread vehicular paralysis for “not meeting company standards.” Law enforcement officials alleged Ramos-Lopez used his knowledge of his former employer’s system and the password of a former co-worker to exact revenge for his firing by disabling cars en masse throughout Austin. The police investigation showed that the former collection agent logged in to Pay Technologies’ servers in Ohio from the AT&T broadband network leading to his home. Ramos-Lopez was arrested and charged with felony breach of a computer system.
As for Texas Auto Center, it is far from unique in its decision to install remote repo-man technology in its vehicles; today there are more than two million cars with the technology. There are tens of millions of vehicles around the world that can be controlled one way or another online, with thousands more being added to the global information grid every day. With such black boxes installed in more and more automobiles, it is becoming increasingly clear that there may be more back doors in your car than you ever realized.
Most Facebook users have no idea how the company tracks and profiles everything they do to target ads, a new Pew Research study confirms.
Huawei under U.S. criminal investigation for alleged theft of trade secrets from T-Mobile, other tech companies
China’s Huawei is the subject of a U.S. criminal investigation in which federal prosecutors say the Chinese tech company stole trade secrets from U.S. business partners including technology behind a robotic device T-Mobile used to test smartphones, called “Tappy.”
Following up on our earlier story about Roku re-platforming Alex Jones and Infowars, it looks like Roku got so much criticism from users, they’ve reversed course and will remove the Infowars app.
These days, there isn’t much our iPhone camera can’t do – except feel like an actual phone. Despite years of steadily increasing resolution and image sensing technology, we’re still taking shots awkwardly with two hands, fumbling for the shutter button. Leave it to an avid photographer to design Shuttercase, a versatile iPhone case that solves […]
Still determined to keep those New Year’s health resolutions? If you’re going to stick with the exercise plan, it’s enough of a challenge to budget your time. No need for your financial budget to take a hit, too. Here’s a more convenient – and cheaper – alternative to a gym membership or Peloton bike: Two […]
Want a career in web design? It’s true that these days, most anyone can throw up a page or two. But for true workhorse web design, you’ll sometimes need to match the platform to the project. Enter the Complete Front-End Developer Bundle, an educational grand tour around the best tools for the web. For beginners, […]